Oracle Linux 3 / 4 : xpdf (ELSA-2009-0430)

High Nessus Plugin ID 67845

Synopsis

The remote Oracle Linux host is missing a security update.

Description

From Red Hat Security Advisory 2009:0430:

An updated xpdf package that fixes multiple security issues is now available for Red Hat Enterprise Linux 3 and 4.

This update has been rated as having important security impact by the Red Hat Security Response Team.

Xpdf is an X Window System based viewer for Portable Document Format (PDF) files.

Multiple integer overflow flaws were found in Xpdf's JBIG2 decoder. An attacker could create a malicious PDF file that would cause Xpdf to crash or, potentially, execute arbitrary code when opened. (CVE-2009-0147, CVE-2009-1179)

Multiple buffer overflow flaws were found in Xpdf's JBIG2 decoder. An attacker could create a malicious PDF file that would cause Xpdf to crash or, potentially, execute arbitrary code when opened. (CVE-2009-0146, CVE-2009-1182)

Multiple flaws were found in Xpdf's JBIG2 decoder that could lead to the freeing of arbitrary memory. An attacker could create a malicious PDF file that would cause Xpdf to crash or, potentially, execute arbitrary code when opened. (CVE-2009-0166, CVE-2009-1180)

Multiple input validation flaws were found in Xpdf's JBIG2 decoder. An attacker could create a malicious PDF file that would cause Xpdf to crash or, potentially, execute arbitrary code when opened. (CVE-2009-0800)

Multiple denial of service flaws were found in Xpdf's JBIG2 decoder. An attacker could create a malicious PDF that would cause Xpdf to crash when opened. (CVE-2009-0799, CVE-2009-1181, CVE-2009-1183)

Red Hat would like to thank Braden Thomas and Drew Yao of the Apple Product Security team, and Will Dormann of the CERT/CC for responsibly reporting these flaws.

Users are advised to upgrade to this updated package, which contains backported patches to correct these issues.